
321 matches found

OSV
added 2021/10/04 2:15 p.m. | 4 views

CVE-2021-37777

Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by one site owner are visible to another site owner just by knowing the other site name and fuzzing for picture names. This leads to sensitive information disclosure...

CVSS 7.5 | AI score 6.9 | EPSS 0.01648
Exploits: 1 | References: 1

Prion
added 2021/10/04 2:15 p.m. | 18 views

Information disclosure

Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by one site owner are visible to another site owner just by knowing the other site name and fuzzing for picture names. This leads to sensitive information disclosure...

CVSS 5 | AI score 7.2 | EPSS 0.01648
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2021/09/10 2:15 p.m. | 3 views

CVE-2021-38339

The Simple Matted Thumbnails WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the /simple-matted-thumbnail.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.01...

CVSS 6.1 | AI score 5.8 | EPSS 0.00866
Exploits: 1 | References: 2

Vulnrichment
added 2021/09/10 1:34 p.m. | 6 views

CVE-2021-38339 Simple Matted Thumbnails <= 1.01 Reflected Cross-Site Scripting

The Simple Matted Thumbnails WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the /simple-matted-thumbnail.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.01...

CVSS 6.1 | AI score 6.1 | EPSS 0.00866
Exploits: 1 | References: 2

CVE
added 2021/09/10 1:34 p.m. | 46 views

CVE-2021-38339

The CVE-2021-38339 entry affects the WordPress plugin Simple Matted Thumbnails, version ≤ 1.01. The vulnerability is a Reflected Cross-Site Scripting flaw caused by a reflected value in $_SERVER["PHP_SELF"] within the simple-matted-thumbnail.php file, enabling an attacker to inject arbitrary web ...

CVSS 6.1 | AI score 6 | EPSS 0.00866
Exploits: 1 | References: 2 | Affected Software: 1

CNNVD
added 2021/09/10 12:00 a.m. | 5 views

WordPress Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. WordPress Simple Matted Thumbnails suffers fr...

CVSS 6.1 | AI score 6.1 | EPSS 0.00866
Exploits: 1 | References: 4

Patchstack
added 2021/09/09 12:00 a.m. | 21 views

WordPress Simple Matted Thumbnails plugin <= 1.01 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress Simple Matted Thumbnails plugin versions <= 1.01. Solution: This plugin has been closed as of September 7, 2021 and is not available for download. This closure is temporary, pending a full review...

CVSS 6.1 | AI score 2.6 | EPSS 0.00866
Exploits: 1 | References: 3 | Affected Software: 1

CNNVD
added 2021/04/13 12:00 a.m. | 10 views

Microsoft Raw Image Extension Code Injection Vulnerability

Microsoft Raw Image Extension is a software application from Microsoft. It enables the viewing of thumbnails and metadata for supported raw file formats directly in Windows File Explorer or the viewing of images in the Photos application. A code injection vulnerability exists in Microsoft Raw Ima...

CVSS 7.8 | AI score 8.2 | EPSS 0.05914
Exploits: 0 | References: 5

Wired Threat Level
added 2021/03/30 11:00 a.m. | 40 views

YouTube Has a Disturbingly Creepy Minecraft Problem

A WIRED investigation has found dozens of kid-focused videos with disturbing thumbnails that the platform serves up on the Topic pages of popular games...

AI score 2.2
Exploits: 0

CNVD
added 2020/03/25 12:00 a.m. | 4 views

Unspecified Vulnerability in Samsung Mobile Devices (CNVD-2020-30402)

Android is a free and open source operating system from Google based on the Linux kernel without GNU components. An unspecified vulnerability exists in Samsung mobile devices, which can be exploited by an attacker to obtain thumbnails of content in private mode...

CVSS 5.3 | AI score 6.5 | EPSS 0.0034
Exploits: 0 | References: 1

OSV
added 2020/03/24 8:15 p.m. | 4 views

CVE-2019-20593

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Gallery leaks Private Mode thumbnails. The Samsung ID is SVE-2019-14208 (July 2019)...

CVSS 5.3 | AI score 6.1 | EPSS 0.0034
Exploits: 0 | References: 1

CVE
added 2020/03/24 7:49 p.m. | 52 views

CVE-2019-20593

CVE-2019-20593 concerns Samsung mobile devices running N(7.x) or O(8.x) software where the Gallery app leaks Private Mode thumbnails. Public descriptions across multiple sources (NVD entry, Red Hat advisory, CNVD, CVE pages) consistently state the vulnerability involves information disclosure via...

CVSS 5.3 | AI score 5.4 | EPSS 0.0034
Exploits: 0 | References: 1 | Affected Software: 1

Fedora
added 2020/01/17 5:09 a.m. | 13 views

[SECURITY] Fedora 31 Update: ImageMagick-6.9.10.86-1.fc31

ImageMagick is an image display and manipulation tool for the X Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF, and Photo CD image formats. It can resize, rotate, sharpen, color reduce, or add special effects to an image, and when finished you can either save the completed wor...

AI score 0.8
Exploits: 0

Prion
added 2019/07/30 9:15 p.m. | 15 views

Design/Logic Flaw

Bypass lock protection in the Nextcloud Android app prior to version 3.6.2 causes leaking of thumbnails when requesting the Android content provider although the lock protection was not solved...

CVSS 2.1 | AI score 4 | EPSS 0.00434
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2019/07/30 8:32 p.m. | 19 views

CVE-2019-5452

Bypass lock protection in the Nextcloud Android app prior to version 3.6.2 causes leaking of thumbnails when requesting the Android content provider although the lock protection was not solved...

AI score 3.7 | EPSS 0.00434
Exploits: 1 | References: 1

Debian
added 2018/11/24 5:31 p.m. | 253 views

[SECURITY] [DLA 1593-1] phpbb3 security update

Package: phpbb3. Version: 3.0.12-5+deb8u2. CVE ID: CVE-2018-19274. Simon Scannell and Robin Peraglie of RIPS Technologies discovered that passing an absolute path to a file_exists check in phpBB, a full featured web forum, allows remote code execution through Object Injection by employing Phar...

CVSS 7.2 | AI score 7.3 | EPSS 0.05201
Exploits: 1

Prion
added 2018/08/24 10:29 p.m. | 22 views

Design/Logic Flaw

Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions...

CVSS 3.5 | AI score 5.5 | EPSS 0.03121
Exploits: 5 | References: 4 | Affected Software: 1

OSV
added 2018/08/24 10:29 p.m. | 29 views

CVE-2018-14059

Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions...

CVSS 5.4 | AI score 5.7
Exploits: 0 | References: 4

CVE
added 2018/08/24 10:00 p.m. | 70 views

CVE-2018-14059

CVE-2018-14059 corresponds to a Pimcore XSS vulnerability exposed in Pimcore 5.2.3 and earlier and affects multiple entry points: Users, Assets, Data Objects, Video/Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Meta...

CVSS 5.4 | AI score 5.4 | EPSS 0.03121
Exploits: 5 | References: 4 | Affected Software: 1

The Hacker News
added 2018/06/18 2:50 p.m. | 3 views

Apple macOS Bug Reveals Cache of Sensitive Data from Encrypted Drives

Security researchers are warning of an almost decade-old issue with one of Apple's macOS features, which was designed for users' convenience but is potentially exposing the contents of files stored on password-protected encrypted drives. Earlier this month, security researcher Wojciech Regula fr...

AI score 6.5
Exploits: 0